Method and device for protection of an mram device against tampering

ABSTRACT

Data, stored in MRAM-cells should be protected against misuse or read-out by unauthorised persons. The present invention provides an array of MRAM-cells provided with a security device for destroying data stored in the MRAM-cells when they are tampered with. This is achieved by placing a permanent magnet adjacent the MRAM-array in combination with a soft-magnetic flux-closing layer. As long as the soft-magnetic layer is present, the magnetic field lines from the permanent magnet are deviated and flow through this soft-magnetic layer. When somebody is tampering with the MRAM-array, e.g. by means of reverse engineering, and the flux-closing layer is removed, the flux is no longer deviated and affects the nearby MRAM-array, thus destroying the data stored in the MRAM-cells.

The present invention relates to magnetic or magnetoresistive randomaccess memories (MRAMs), and more particularly to a method and devicefor protecting MRAM cells against tampering.

Magnetic or Magnetoresistive Random Access Memory (MRAM) is currentlybeing considered by many companies as a successor to flash memory. Ithas the potential to replace all but the fastest static RAM (SRAM)memories. This makes MRAM very suitable as embedded memory for System onChip (SoC). It is a non-volatile memory (NVM) device, which means thatno power is required to sustain the stored information. This is seen asan advantage over most other types of memory.

The MRAM concept was originally developed at Honeywell Corp. USA, anduses magnetization direction in a magnetic multilayer device asinformation storage and the resultant resistance difference forinformation readout. As with all memory devices, each cell in an MRAMarray must be able to store at least two states which represent either a“1” or a “0”.

Different kinds of magnetoresistive (MR) effects exist, of which theGiant Magneto-Resistance (GMR) and Tunnel Magneto-Resistance (TMR) arecurrently the most important ones. The GMR effect and the TMR orMagnetic Tunnel Junction (MTJ) or Spin Dependent Tunneling (SDT) effectprovide possibilities to realize a.o. non-volatile magnetic memories.These devices comprise a stack of thin films of which at least two areferromagnetic or ferrimagnetic, and which are separated by anon-magnetic interlayer. GMR is the magneto-resistance for structureswith conductor interlayers and TMR is the magneto-resistance forstructures with dielectric interlayers. If a very thin conductor isplaced between two ferromagnetic or ferrimagnetic films, then theeffective in-plane resistance of the composite multilayer structure issmallest when the magnetization directions of the films are parallel andlargest when the magnetization directions of the films areanti-parallel. If a thin dielectric interlayer is placed between twoferromagnetic or ferrimagnetic films, tunneling current between thefilms is observed to be the largest (or thus resistance to be thesmallest) when the magnetization directions of the films are paralleland tunneling current between the films is the smallest (or thusresistance the largest) when the magnetization directions of the filmsare anti-parallel.

Magneto-resistance is usually measured as the percentage increase inresistance of the above structures going from parallel to anti-parallelmagnetization states.

TMR devices provide higher percentage magneto-resistance than GMRstructures, and thus have the potential for higher signals and higherspeed. Recent results indicate tunneling giving over 40%magneto-resistance, compared to 10-14% magneto-resistance in good GMRcells.

A typical MRAM device comprises a plurality of magnetoresistive memoryelements, e.g. magnetic tunneling junction (MTJ) elements, arranged inan array. MTJ memory elements generally include a layered structurecomprising a fixed or pinned layer, a free layer and a dielectricbarrier in between. The pinned layer of magnetic material has a magneticvector that always points in the same direction. The magnetic vector ofthe free layer is free, but constrained within the easy axis of thelayer, which is determined chiefly by the physical dimensions of theelement. The magnetic vector of the free layer points in either of twodirections: parallel or anti-parallel with the magnetization directionof the pinned layer, which coincides with the said easy axis. Thefundamental principle of MRAM is the storage of information as binarydata, e.g. as “0” and “1”, based on directions of magnetization. This iswhy the magnetic data is non-volatile and will not change until it isaffected by an external magnetic field. When both magnetic films of thelayered structure of an MRAM-cell are magnetized with the sameorientation (parallel), the data is either of two binary values, e.g.“0”, otherwise, if both magnetic film of the layered structure of theMRAM-cell are magnetized with inverse orientation (anti-parallel), thedata is the other binary value, e.g. “1”. Making use of the fact thatthe resistance of the layered structure varies depending on whether ornot the orientations are parallel, the system can discriminate bothbinary values of the data, e.g. “0” or “1”.

For certain applications, for example in smartcards, the data stored inthe MRAM-cells is secret. It is essential that the data is secure, andcannot be retrieved in other ways than via the normal, controlledelectrical connections, e.g. from the pins of an IC. The data has to beprotected to prevent anyone from reading it in an unauthorized way.

In WO 00/07184 this problem is being solved by using a recordable datalayer within a perishable information storage mechanism, which inresponse to at least one of a predetermined use or a time factor isperishable, and thus eliminates access to the recorded data.

One of the embodiments described is in MRAM technology, wheremagnetoresistive memory cells each include a magnetic memory cellelement such as a multilayer GMR material, in which data is stored inthe form of magnetizing vectors. Data stored in the MRAM-cells is readby a reader which has the ability to exert magnetic fields sufficient toerase the data. Therefore, while reading or accessing information, amagnetic field which destroys the recorded data is produced.

A disadvantage of the solution described above is the fact that recordeddata becomes inaccessible even if it is not being misused. Access to thedata is denied or data is destroyed even if it is just used in a normaland authorized way.

Accordingly, it is highly desirable, for certain applications, forexample smartcards, to provide a security device such that data storedin MRAM-cells cannot be retrieved in other ways than through the normal,controlled electrical connections from the pins of the IC. It would beuseful to provide a memory device in which the stored data would becorrupted automatically when there is tampered with the memory device,but which does not alter the stored data during normal use.

It is an object of the present invention to provide a hardwareprotection against tampering that can easily be added to an embedded orstand-alone MRAM-array, especially in applications where security isessential or in which the integrity of data is crucial.

The above objective is accomplished by a method and device according tothe present invention.

The present invention provides an array of MRAM-cells provided with asecurity device for destroying data stored in the MRAM-cells when thearray is subject to tampering, wherein the security device is a magneticdevice. An advantage of the present invention is that data content ofMRAM cells is destroyed when the MRAM-array is tampered with, e.g. byremoving its protective shielding, but not when it is used normally.

According to one embodiment of the present invention the security devicemay comprise a magnetic field source in combination with a firstsoft-magnetic flux-closing layer. The security device can be easilyadded to an embedded or stand-alone MRAM-array. The magnetic fieldsource may for example be a permanent magnet or an electromagnet. Thepermanent magnet has an advantage of being passive, i.e. it does notrequire power to operate, nor does it require the device being operated.An electromagnet may generally be less preferred, because in that casethe protection only works during operation of the MRAM-array. It mayhowever be useful, for example when the MRAM-array is used like an SRAM(Static Random Access Memory) device for temporary storage of data.

According to the present invention the security device may be built nearthe array of MRAM-cells, and this in any direction, i.e. next to theMRAM-cells, underneath the MRAM-cells or on top of the MRAM-cells. Thedistance between the security device and the MRAM-cells is such that, incase of tampering, the magnetic flux lines of the security device, gothrough the MRAM-cells thus destroying their data content when theMRAM-array is tampered with.

Furthermore, according to the present invention, when the MRAM-cells arebuilt on a first surface of a substrate, the security device may bebuilt at the side of the substrate corresponding to this first surface,or at the side of the substrate corresponding to a second surface, whichsecond surface is opposite to the first surface of the substrate. Aplurality of security devices may also be provided. They may bedispersed over the substrate. They may either be located all at the sidecorresponding to the first surface of the substrate, or all at the sidecorresponding to the second surface of the substrate, or at least one atthe side corresponding to the first surface and at least one at the sidecorresponding to the second surface.

According to the present invention the first soft-magnetic flux-closinglayer may be so as to separate from the magnetic field source when thearray of MRAM-cells is tampered with. Through this the magnetic fluxlines of the security device are no longer deviated and go through theMRAM-cells, thus destroying their data content by aligning all magneticfields of the free layers of the MRAM-cells.

According to another embodiment of the present invention the securitydevice may furthermore comprise a magnetic field shaping device. Themagnetic field shaping device may for example be a second soft-magneticlayer being located adjacent the array of MRAM-cells at the oppositeside (with respect to the MRAM-cells) of the magnetic field source andfirst soft-magnetic layer. An advantage of this embodiment is a betterguiding of the magnetic field lines of the security device so as todestroy the data content of the MRAM-cells when the array is tamperedwith.

According to yet another embodiment of the present invention the firstsoft-magnetic layer and/or the second soft-magnetic layer may be part ofa shielding layer of the MRAM-array. An advantage hereof is that thesecurity device automatically works as soon as the packing or protectivecover around the MRAM-array is opened, either from the top or from theback.

The present invention also provides a method for protecting fromunauthorised read-out an array of MRAM-cells having a data content. Themethod comprises automatically destroying the data content of at leastsome of the MRAM-cells by a magnetic field when the array is tamperedwith.

The method may comprise generation of the magnetic field at theMRAM-cells by separating a soft-magnetic flux-closing layer from amagnetic field source such as for example a permanent magnet or anelectromagnet.

A method according to the present invention may further compriseenhancement of the magnetic field at the MRAM-cells by a magnetic fieldshaping device located adjacent the array of MRAM-cells.

These and other characteristics, features and advantages of the presentinvention will become apparent from the following detailed description,taken in conjunction with the accompanying drawings, which illustrate,by way of example, the principles of the invention. This description isgiven for the sake of example only, without limiting the scope of theinvention. The reference figures quoted below refer to the attacheddrawings.

FIG. 1 is a schematic illustration of an unaffected MRAM array providedwith a security device according to a first embodiment of the presentinvention.

FIG. 2 is a schematic illustration of the MRAM array of FIG. 1 when itis tampered with.

FIG. 3 is a schematic illustration of an MRAM array provided with asecurity device according to a second embodiment of the presentinvention.

FIG. 4 is a schematic illustration of an MRAM array provided with asecurity device according to a further embodiment of the presentinvention.

In the different drawings, the same reference figures refer to the sameor analogous elements.

The present invention will be described with respect to particularembodiments and with reference to certain drawings but the invention isnot limited thereto but only by the claims. The drawings described areonly schematic and are non-limiting. In the drawings, the size of someof the elements may be exaggerated and not drawn on scale forillustrative purposes. Where the term “comprising” is used in thepresent description and claims, it does not exclude other elements orsteps.

Furthermore, the terms first, second and the like in the description andin the claims, are used for distinguishing between similar elements andnot necessarily for describing a sequential or chronological order. Itis to be understood that the terms so used are interchangeable underappropriate circumstances and that the embodiments of the inventiondescribed herein are capable of operation in other sequences thandescribed or illustrated herein.

Moreover, the terms top, bottom, over, under and the like in thedescription and the claims are used for descriptive purposes and notnecessarily for describing relative positions. It is to be understoodthat the terms so used are interchangeable under appropriatecircumstances and that the embodiments of the invention described hereinare capable of operation in other orientations than described orillustrated herein.

According to the present invention, an array 10 of MRAM-cells 12, havinga data content is provided, which array 10 is protected with a securitydevice 14, as shown in FIG. 1.

In a first embodiment of the present invention, the security device 14comprises a permanent magnet 16, which for example, but not limitedthereto, may be a thin-film magnet. The security device 14 alsocomprises a first soft-magnetic flux-closing layer 18 positionedadjacent, e.g. above, the permanent magnet 16. The layer 18 is sometimesknown as a “keeper”. The security device 14 is built near the MRAM array10. As long as the soft-magnetic layer 18 is present adjacent, e.g.above, the permanent magnet 16, as in FIG. 1, magnetic field lines 20 ofthe permanent magnet 16 are deviated and flow through this soft-magneticlayer 18. The magnetic flux of the permanent magnet 16 is thus closed bythe soft-magnetic layer 18. As soon as the soft-magnetic layer 18 isremoved from the permanent magnet 16, i.e. when the MRAM device istampered with, e.g. by opening its enclosure for example during reverseengineering, the magnetic field lines 20 are no longer deviated andextend over the array 10 of MRAM-cells 12 as shown in FIG. 2. Themagnetic field lines 20 now effect the MRAM-cells 12 of the array 10, bychanging the magnetization direction of the free layers of theMRAM-cells 12, thus destroying the stored data of at least some of theMRAM-cells 12 by changing their magnetization direction.

In a second embodiment of the present invention, not only a permanentmagnet 16 and an adjacent first soft-magnetic layer 18 are provided, butalso magnetic field shaping device is included. The magnetic fieldshaping device may be a second soft-magnetic layer 22. This secondsoft-magnetic layer 22 is located so that the permanent magnet 16 andthe second soft-magnetic layer 22 each are at opposite sides of theMRAM-cells. For example, if the permanent magnet 16 is located at theleft-hand side of the array 10 of MRAM-cells 12, the secondsoft-magnetic layer 22 is located at the right-hand side thereof as inFIG. 3. The magnetic field lines 20 from the magnet 16 will always tryto go to the nearest soft-magnetic layer 18, 22. In the normal state themagnetic field lines 20 flow through the first soft-magnetic layer 18adjacent the permanent magnet 16. In case of tampering, when the firstsoft-magnetic layer 18 is removed, e.g. during inverse engineering, themagnetic field lines 20 flow through the second soft-magnetic layer 22at the other side (with respect to the position of the permanent magnet16) of the MRAM-cells 12. An advantage of this embodiment over the firstembodiment is that the magnetic field lines 20 now approach theMRAM-cells 12 better, and thus easier destroy the content of at leastsome of the MRAM-cells 12 by aligning the magnetization direction oftheir free layers with the direction of the magnetic field of thepermanent magnet 16 of the security device 14.

As a further embodiment of the present invention, a normal shieldinglayer of the array 10 of MRAM-cells 12 can be used as flux-closing layer18 for the permanent magnet 16. In this case, care has to be taken thatthe magnetic field lines 20 from the magnet 16 do not affect theshielding properties of the shielding layer too much. The magnetic fieldfrom the magnet should not be so high at the position of the shieldinglayer that it can saturate the shielding layer. The shielding layer ofthe array 10 of MRAM-cells 12 should therefore be thick enough so thatit is not saturated by the field from the magnet, because in saturationit cannot serve as shielding anymore.

In the hereinabove described embodiments the protection is aimed atreverse engineering from the top, i.e. that side of a substrate 24 ontowhich the MRAM-cells 12 are implemented. By implementing a soft magneticlayer 26 below the plane of the MRAM-cells 12, with an additionalpermanent magnet 28 between the MRAM-cells 12 and this soft-magneticlayer 26, the protection works against reverse engineering from thesubstrate-side. This protection may be placed at the backside of thesubstrate 24, as shown in FIG. 4.

The protection as shown in FIG. 4 can be combined e.g. with a securitydevice 14 next to the array 10, as in FIG. 1 or with a security devicenext to the array 10 and a magnetic field shaping device 22 as in FIG.3. In that case, distances should be chosen such that the field frommagnet 16 will not be influenced too much by the soft magnetic layer 26,and that the field from magnet 28 will not be influenced too much by thesoft magnetic layers 18 and/or 22.

Alternatively protection at the top and bottom side of the substrate 24can be alternating i.e. when there is a topside protection 14 in acertain area of the memory array 10 there is no back protection and viceversa. Usually it is sufficiently effective if half of the data, whichis moreover distributed over the memory area, is destroyed aftertampering.

The present invention provides a hardware protection against tamperingthat can easily be added to an embedded or stand-alone MRAM. Especiallyin applications where security is essential, such as for example insmartcards, or in which the integrity of data is crucial, e.g. programcode of the operation system in embedded MRAM in a System on Chip (SoC),the use of a security device according to the present invention may beof importance. The protection according to the present invention has theadvantage of being passive, i.e. it does not require power to operate.

It is to be understood that although preferred embodiments, specificconstructions and configurations have been discussed herein for devicesaccording to the present invention, various changes or modifications inform and detail may be made without departing from the scope and spiritof this invention.

1-14. (canceled)
 15. An array of MRAM-cells provided with a securitydevice for destroying data stored in the MRAM-cells when the array issubject to tampering, wherein the security device is a magnetic device.16. An array of MRAM-cells according to claim 15, wherein the securitydevice comprises a magnetic field source in combination with a firstsoft-magnetic flux-closing layer.
 17. An array of MRAM-cells accordingto claim 16, wherein the magnetic field source is a permanent magnet.18. An array of MRAM-cells according to claim 16, wherein the magneticfield source is an electromagnet.
 19. An array of MRAM-cells accordingto claim 15, wherein the security device is coupled with the array ofMRAM-cells.
 20. An array of MRAM-cells according to claim 15, the arraybeing built on a substrate, wherein the security device is built at thesame side of the substrate as the MRAM-cells.
 21. An array of MRAM-cellsaccording to claim 15, the array being built on a substrate, wherein thesecurity device is built at the opposite side of the substrate as theMRAM-cells.
 22. An array of MRAM-cells according to claim 16, whereinthe first soft-magnetic flux-closing layer is so as to separate from themagnetic field source when the array of MRAM-cells is tampered with. 23.An array of MRAM-cells, according to claim 15, wherein the securitydevice furthermore comprises a magnetic field shaping device.
 24. Anarray of MRAM-cells according to claim 23, wherein the magnetic fieldshaping device is a second soft-magnetic layer, the magnetic fieldsource and first soft-magnetic layer being located adjacent the array ofMRAM-cells at one side, and the second soft-magnetic layer being locatedadjacent the array of MRAM-cells at the opposite side thereof.
 25. Anarray of MRAM-cells, according to claim 16, wherein the firstsoft-magnetic layer and/or the second soft-magnetic layer are part of ashielding layer of the MRAM-array.
 26. A method for protecting fromunauthorised read-out an array of MRAM-cells having a data content, themethod comprising automatically destroying the data content of at leastsome of the MRAM-cells by a magnetic field when the array is tamperedwith.
 27. A method according to claim 26, wherein the magnetic field isgenerated at the MRAM-cells by separating a soft-magnetic flux-closinglayer from a magnetic field source.
 28. A method according to claim 26wherein the magnetic field at the MRAM-cells is enhanced by a magneticfield shaping device located adjacent the array of MRAM-cells.
 29. Atamper-resistant memory device comprising: a plurality of MRAM-cells;and at least one security device coupled with said MRAM-cells, saidsecurity device including a magnetic source and a soft magnetic layer;wherein the soft magnetic layer deviates magnetic field lines of themagnetic source, such that the plurality of MRAM-cells are unaffected bysaid magnetic field lines; and further wherein tampering with thetamper-resistant memory device comprises at least a partial removal ofsaid soft magnetic layer which causes said magnetic field lines todestroy at least some of the plurality of MRAM-cells.
 30. Thetamper-resistant memory device of claim 29, wherein the magnetic sourceis a permanent magnet.
 31. The tamper-resistant memory device of claim30, wherein the shielding layer is a first soft-magnetic flux-closinglayer.
 32. The tamper-resistant memory device of claim 29, wherein saidmemory device is configured to cause said soft magnetic layer toseparate from said magnetic source when the memory device is subject totampering.
 33. The tamper-resistant memory device of claim 29 furthercomprising a magnetic field shaping device.
 34. The tamper-resistantmemory device of claim 33, wherein the magnetic field shaping device isa second soft-magnetic layer, the magnetic field source and firstsoft-magnetic layer being located adjacent the array of MRAM-cells atone side, and the second soft-magnetic layer being located adjacent thearray of MRAM-cells at the opposite side thereof.